This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
handiansudianto
Advisor
‎2023-03-31 06:27 PM
Jump to solution

Finding high bandwidth user

Hello,

can we know who user or ip which consume high bandwidth?

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend
‎2023-03-31 06:42 PM
In response to handiansudianto
Jump to solution

So .66 is top source and you can also check top users all the way at the bottom, that should give you more info as well.

View solution in original post

0 Kudos
6 Replies
the_rock
Legend
Legend
‎2023-03-31 06:31 PM
Jump to solution

You can generate app control report or if you have monitoring blade enabled, you can probably see it there as well. Also, you can try run command fw ctl multik print_heavy_conn from expert mode of the firewall.

Andy

0 Kudos
handiansudianto
Advisor
‎2023-03-31 06:35 PM
In response to the_rock
Jump to solution

hi..

did you mean top source on monitoring blade?

the_rock
Legend
Legend
‎2023-03-31 06:37 PM
In response to handiansudianto
Jump to solution

That makes sense...sorry. dont have access to the dashboard, but you can see all the options once you open it. Im fairly sure there are some values there for top bandwidth users, src, dst...

0 Kudos
handiansudianto
Advisor
‎2023-03-31 06:40 PM
In response to the_rock
Jump to solution

here screenshot of monitoring blade

Preview file
142 KB
0 Kudos
the_rock
Legend
Legend
‎2023-03-31 06:42 PM
In response to handiansudianto
Jump to solution

So .66 is top source and you can also check top users all the way at the bottom, that should give you more info as well.

0 Kudos
the_rock
Legend
Legend
‎2023-03-31 06:49 PM
In response to handiansudianto
Jump to solution

Just as a reference, things I usually point out to people in cases like this

-always check monitoring blade, if its enabled

-if monitoring blade is not enabled, see if any report can be generated (though you may need to have smart event enabled for that)

-in some cases, compliance blade may also help, though that needs additional license applied to the management server

-commands such as fw ctl multik print_heavy_conn or cpview (just tab between different fields) can also be useful

-cpstat command can also give some insight, when you run it, it gives all the options/ So say you could run cpstat fw -f all, you run command from 2nd row and then -f and flag from last column in the table (its very useful)

Hope that helps.

Have a nice weekend!

Andy

WeekEndGIF.gif

0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events